Security Engineer (L5) - Workforce Security

Job Description

At Netflix, our mission is to entertain the world. Together, we are writing the next episode - pushing the boundaries of storytelling, global fandom and making the unimaginable a reality. We are a dream team obsessed with the uncomfortable excitement of discovering what happens when you merge creativity, intuition and cutting-edge technology. Come be a part of what's next.

About the Team

Netflix's Workforce Security team protects its employees, endpoints, and vendors by implementing controls for secure user access, SaaS and vendor usage, and endpoint security. The goal is to address security risks while pragmatically enabling business agility, leveraging risk-based approaches rather than policy mandates, and building strong cross-functional partnerships across the company.

About the Role

We are seeking a talented L5 Security Engineer specializing in Endpoint Security to join our team. In this role, you will be critical to identifying and managing risks across all software on Netflix endpoints. You will drive the development of scalable technical security controls that enhance business agility and reduce risk for workforce-related business scenarios.

The Workforce Security Engineer role focuses heavily on designing, implementing, and validating protective endpoint security controls. This includes developing and rolling out solutions for host hardening, vulnerability identification, and effective patch management to maintain defined security standards and prevent configuration drift across devices. Rapid genAI adoption and evolving genAI threats are changing our endpoint posture needs. A critical component of the role is designing and testing host hardening configurations for Mac, Windows, and Linux systems. You will also be responsible for designing and executing a comprehensive Patch and Vulnerability Management Strategy, enforcement, and applying Threat Intelligence to prioritize the remediation of endpoint vulnerabilities at the OS, App, and App Configuration levels. Where necessary, you will also evaluate build vs. buy security capabilities through requirement gathering, cost-benefit analysis, and accurate estimation of development effort.

Beyond the technical implementation, this position requires strong communication and risk translation skills, specifically the ability to translate complex technical risks into clear business risks for stakeholders to inform trade-off decisions. Finally, the role includes providing standard business-hours operational support for Workforce Security and participating in infrequent 24/7 Incident Response as needed.

You Should Have:
• Knowledge of commercially available endpoint MDM solutions such as Jamf, Kandji, or Intune
• Working experience with commercially available endpoint vulnerability scanning tools such as CrowdStrike, Tenable
• Experience designing and testing host hardening configuration for at least two of the major operating systems (Mac, Windows, Linux).
• Understanding of Vulnerability Management practices
• Threat Modeling competency to influence control right-sizing and other prioritization efforts
• Ability to validate publicly disclosed exploits and perform variant analysis
• Scripting (must be able to script, not to production level, and use of GenAI is sufficient)
• Autonomously drives work delivery (bias to action)
• Cross-functional collaboration skills
• High-level familiarity with the functionality of commercially available corporate security tooling in the areas of endpoint, identity, data, and vendor security.
• Ability to navigate ambiguity by taking strategic goals and decomposing them into actionable project plans
• Using measurement and metrics to drive decision-making and outcomes

You will succeed in this role if you:
• Value a deeply collaborative team.
• Use data to inform your judgment, and to support and communicate your decisions.
• Effectively communicate complex subjects to our internal customers and partners.
• Enjoy taking full ownership of open-ended problems, from concept to product, and effectively managing your own time.
• Care about improving the systems around you and leaving things better than you found them.
• Believe a diverse and inclusive team is a critical aspect of a sustainable and effective work environment.
• Empathize with your customers, and have an interest in the overall product lifecycle.
• Challenge the status quo and seek to find novel and customer-centric ways to solve problems.

Generally, our compensation structure consists solely of an annual salary; we do not have bonuses. You choose each year how much of your compensation you want in salary versus stock options. To determine your personal top of market compensation, we rely on market indicators and consider your specific job family, background, skills, and experience to determine your compensation in the market range. The range for this role is $400,000.00 - $680,000.00. This compensation range will vary based on location.

Netflix provides comprehensive benefits including Health Plans, Mental Health support, a 401(k) Retirement Plan with employer match, Stock Option Program, Disability Programs, Health Savings and Flexible Spending Accounts, Family-forming benefits, and Life and Serious Injury Benefits. We also offer paid leave of absence programs. Full-time hourly employees accrue 35 days annually for paid time off to be used for vacation, holidays, and sick paid time off. Full-time salaried employees are immediately entitled to flexible time off. See more details about our Benefits here .

Netflix is a unique culture and environment. Learn more here .

Inclusion is a Netflix value and we strive to host a meaningful interview experience for all candidates. If you want an accommodation/adjustment for a disability or any other reason during the hiring process, please send a request to your recruiting partner.

We are an equal-opportunity employer and celebrate diversity, recognizing that diversity builds stronger teams. We approach diversity and inclusion seriously and thoughtfully. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service.

Job is open for no less than 7 days and will be removed when the position is filled.

Jobcode: Reference SBJ-bxonjy-216-73-216-67-42 in your application.